Lucene search
+L

250 matches found

threatpost
threatpost
added 2019/07/02 9:23 p.m.223 views

Security Camera Firm Arlo Zaps High-Severity Bugs

Two high-severity vulnerabilities in Arlo Technologies’ wireless home security camera gear have been patched. The flaws, which indirectly impact Arlo’s popular fleet of wireless home security cameras, are limited to adversaries with local network and physical access to Arlo Base Stations. Both...

10CVSS0.01741EPSS
Exploits0References5
prion
prion
added 2019/06/20 3:15 a.m.22 views

Design/Logic Flaw

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...

5CVSS5.2AI score0.02248EPSS
Exploits0References2Affected Software1
cve
cve
added 2019/06/20 3:0 a.m.238 views

CVE-2019-1874

CVE-2019-1874 affects Cisco Prime Service Catalog and is a CSRF vulnerability in the web-based management interface caused by insufficient CSRF protection. An unauthenticated, remote attacker could lure a user to a malicious link and perform arbitrary actions with the privileges of the affected u...

8.8CVSS9AI score0.00803EPSS
Exploits0References2Affected Software1
cisco
cisco
added 2019/06/19 4:0 p.m.89 views

Cisco Integrated Management Controller Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...

5.3CVSS1.7AI score0.02248EPSS
Exploits0References1
prion
prion
added 2019/06/05 2:29 p.m.14 views

Information disclosure

NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure...

4.6CVSS7.2AI score0.00422EPSS
Exploits1References1Affected Software1
osv
osv
added 2019/05/18 12:33 p.m.7 views

MGASA-2019-0175 Updated libxslt packages fix security vulnerability

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded CVE-2019-11068...

9.8CVSS9.4AI score0.05089EPSS
Exploits0References3
nessus
nessus
added 2019/05/14 12:0 a.m.47 views

EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1521)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a...

10CVSS7AI score0.1081EPSS
Exploits17References21
nessus
nessus
added 2019/05/10 12:0 a.m.38 views

EulerOS Virtualization 2.5.3 : python (EulerOS-SA-2019-1359)

According to the version of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection...

9.1CVSS6.9AI score0.12261EPSS
Exploits1References2
debiancve
debiancve
added 2019/03/23 5:7 p.m.37 views

CVE-2019-9948

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

9.1CVSS7.9AI score0.12261EPSS
Exploits1
osv
osv
added 2019/03/23 5:7 p.m.27 views

PSF-2019-12 urllib module local_file:// scheme

urllib in Python 2.x through 2.7.16 supports the localfile: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen'localfile:///etc/passwd' call...

9.1CVSS8.7AI score0.12261EPSS
Exploits1References1
cve
cve
added 2019/03/23 5:7 p.m.1008 views

CVE-2019-9948

CVE-2019-9948 involves urllib in Python 2.x (up to 2.7.16) and urllib in Python 3.x up to 3.7.4, where the local_file: scheme can bypass blacklist protections, enabling remote attackers to trigger local_file:///… URIs (e.g., /etc/passwd) and bypass URL-filtering. Public advisories from Debian, Re...

9.1CVSS9.4AI score0.12261EPSS
Exploits1References22Affected Software1
prion
prion
added 2018/11/14 11:29 a.m.19 views

Design/Logic Flaw

securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

6.8CVSS8.6AI score0.07791EPSS
Exploits4References4Affected Software1
cvelist
cvelist
added 2018/11/14 11:0 a.m.43 views

CVE-2018-19277

securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

8.7AI score0.07791EPSS
Exploits4References4
nessus
nessus
added 2018/10/03 12:0 a.m.257 views

GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201810-01 Mozilla Firefox: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the referenced CVE identifiers for details. Impact : A remote attacker could entice a user to view...

9.8CVSS7.9AI score0.21288EPSS
Exploits18References45
threatpost
threatpost
added 2018/09/20 9:7 p.m.19 views

Lucy Gang Debuts with Unusual Android MaaS Package

There’s a fresh bloom in the malware-as-a-service garden: Researchers have uncovered a new Russian-speaking threat actor hawking a proprietary cyber-weapon dubbed “Black Rose Lucy.” The offering is a malware-as-a-service MaaS bundle with two parts, consisting of a controlling web interface which...

0.4AI score
Exploits0References2
nvd
nvd
added 2018/09/05 8:29 p.m.21 views

CVE-2018-16546

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by...

5.9CVSS5.8AI score0.01001EPSS
Exploits0References1
cvelist
cvelist
added 2018/09/05 8:0 p.m.20 views

CVE-2018-16546

Amcrest networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation, as demonstrated by...

5.9AI score0.01001EPSS
Exploits0References1
nvd
nvd
added 2018/07/13 7:29 p.m.27 views

CVE-2018-10631

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection...

6.8CVSS6.5AI score0.00411EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2018/07/13 7:0 p.m.10 views

CVE-2018-10631 Medtronic N'Vision Clinician Programmer Protection Mechanism Failure

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection...

6.3CVSS6.5AI score0.00411EPSS
Exploits0References4
cvelist
cvelist
added 2018/07/13 7:0 p.m.30 views

CVE-2018-10631 Medtronic N'Vision Clinician Programmer Protection Mechanism Failure

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection...

6.3CVSS6.5AI score0.00411EPSS
Exploits0References4
Rows per page
Query Builder